--- loncom/interface/loncreateuser.pm 2001/02/15 00:57:41 1.1 +++ loncom/interface/loncreateuser.pm 2003/09/21 21:40:06 1.68 @@ -1,62 +1,1207 @@ -# The LearningOnline Network +# The LearningOnline Network with CAPA # Create a user # -# (Create a course -# (My Desk +# $Id: loncreateuser.pm,v 1.68 2003/09/21 21:40:06 www Exp $ # -# (Internal Server Error Handler +# Copyright Michigan State University Board of Trustees # -# (Login Screen -# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14, -# 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer) +# This file is part of the LearningOnline Network with CAPA (LON-CAPA). # -# 3/1/1 Gerd Kortemeyer) +# LON-CAPA is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. # -# 3/1 Gerd Kortemeyer) +# LON-CAPA is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. # -# 2/14 Gerd Kortemeyer) +# You should have received a copy of the GNU General Public License +# along with LON-CAPA; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # -# 2/14 Gerd Kortemeyer +# /home/httpd/html/adm/gpl.txt # +# http://www.lon-capa.org/ +# +### + package Apache::loncreateuser; +=pod + +=head1 NAME + +Apache::loncreateuser - handler to create users and custom roles + +=head1 SYNOPSIS + +Apache::loncreateuser provides an Apache handler for creating users, + editing their login parameters, roles, and removing roles, and + also creating and assigning custom roles. + +=head1 OVERVIEW + +=head2 Custom Roles + +In LON-CAPA, roles are actually collections of privileges. "Teaching +Assistant", "Course Coordinator", and other such roles are really just +collection of privileges that are useful in many circumstances. + +Creating custom roles can be done by the Domain Coordinator through +the Create User functionality. That screen will show all privileges +that can be assigned to users. For a complete list of privileges, +please see C. + +Custom role definitions are stored in the C file of the role +author. + +=cut + use strict; use Apache::Constants qw(:common :http); use Apache::lonnet; +use Apache::loncommon; +use Apache::lonlocal; -sub handler { - my $r = shift; +my $loginscript; # piece of javascript used in two separate instances +my $generalrule; +my $authformnop; +my $authformkrb; +my $authformint; +my $authformfsys; +my $authformloc; - if ($r->header_only) { - $r->content_type('text/html'); - $r->send_http_header; - return OK; +BEGIN { + $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; + my $krbdefdom=$1; + $krbdefdom=~tr/a-z/A-Z/; + my %param = ( formname => 'document.cu', + kerb_def_dom => $krbdefdom + ); +# no longer static due to configurable kerberos defaults +# $loginscript = &Apache::loncommon::authform_header(%param); + $generalrule = &Apache::loncommon::authform_authorwarning(%param); + $authformnop = &Apache::loncommon::authform_nochange(%param); +# no longer static due to configurable kerberos defaults +# $authformkrb = &Apache::loncommon::authform_kerberos(%param); + $authformint = &Apache::loncommon::authform_internal(%param); + $authformfsys = &Apache::loncommon::authform_filesystem(%param); + $authformloc = &Apache::loncommon::authform_local(%param); +} + + +# ======================================================= Existing Custom Roles + +sub my_custom_roles { + my %returnhash=(); + my %rolehash=&Apache::lonnet::dump('roles'); + foreach (keys %rolehash) { + if ($_=~/^rolesdef\_(\w+)$/) { + $returnhash{$1}=$1; + } } + return %returnhash; +} - if (&Apache::lonnet::allowed('ccc',$ENV{'user.domain'})) { - $r->content_type('text/html'); - $r->send_http_header; +# ==================================================== Figure out author access + +sub authorpriv { + my ($auname,$audom)=@_; + if (($auname ne $ENV{'user.name'}) || + (($audom ne $ENV{'user.domain'}) && + ($audom ne $ENV{'request.role.domain'}))) { return ''; } + unless (&Apache::lonnet::allowed('cca',$audom)) { return ''; } + return 1; +} +# =================================================================== Phase one - $r->print(< 'Generate new role ...',%existingroles)); + $r->print(<<"ENDDOCUMENT"); The LearningOnline Network with CAPA +$selscript - -

Create User, Change User Privileges

- +$bodytag +
+ +

Set Individual User Roles

+ + +
Username: +$sellink
+Domain:$domform
+ +
+
+ +

Edit Custom Role Privileges

+Name of Role: $choice
+ ENDDOCUMENT +} + +# =================================================================== Phase two +sub print_user_modification_page { + my $r=shift; + my $ccuname=$ENV{'form.ccuname'}; + my $ccdomain=$ENV{'form.ccdomain'}; + + $ccuname=~s/\W//gs; + $ccdomain=~s/\W//gs; + + unless (($ccuname) && ($ccdomain)) { + &print_username_entry_form($r); + return; + } + + my $defdom=$ENV{'request.role.domain'}; + my ($krbdef,$krbdefdom) = + &Apache::loncommon::get_kerberos_defaults($defdom); + + my %param = ( formname => 'document.cu', + kerb_def_dom => $krbdefdom, + kerb_def_auth => $krbdef + ); + $loginscript = &Apache::loncommon::authform_header(%param); + $authformkrb = &Apache::loncommon::authform_kerberos(%param); + + $ccuname=~s/\W//g; + $ccdomain=~s/\W//g; + my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition(); + my $dochead =<<"ENDDOCHEAD"; + + +The LearningOnline Network with CAPA + + +ENDDOCHEAD + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges')); + my $forminfo =<<"ENDFORMINFO"; + + + + + + + +ENDFORMINFO + my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain); + my %incdomains; + my %inccourses; + foreach (values(%Apache::lonnet::hostdom)) { + $incdomains{$_}=1; + } + foreach (keys(%ENV)) { + if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) { + $inccourses{$1.'_'.$2}=1; + } + } + if ($uhome eq 'no_host') { + my $home_server_list= + ''."\n". + &Apache::loncommon::home_server_option_list($ccdomain); + + $r->print(<Create New User +$forminfo +

New user "$ccuname" in domain $ccdomain

+ + +

Personal Data

+

+ + + + + + + + + +
First Name
Middle Name
Last Name
Generation
+ID/Student Number

+Home Server: +
+

Login Data

+

$generalrule

+

$authformkrb

+

$authformint

+

$authformfsys

+

$authformloc

+ENDNEWUSER + } else { # user already exists + $r->print(<Change User Privileges +$forminfo +

User "$ccuname" in domain "$ccdomain"

+ENDCHANGEUSER + # Get the users information + my %userenv = &Apache::lonnet::get('environment', + ['firstname','middlename','lastname','generation'], + $ccdomain,$ccuname); + my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname); + $r->print(< + + + + + +END + foreach ('firstname','middlename','lastname','generation') { + if (&Apache::lonnet::allowed('mau',$ccdomain)) { + $r->print(<<"END"); + +END + } else { + $r->print(''); + } + } + $r->print(< +
first namemiddle namelast namegeneration
'.$userenv{$_}.'
+END + # Build up table of user roles to allow revocation of a role. + my ($tmp) = keys(%rolesdump); + unless ($tmp =~ /^(con_lost|error)/i) { + my $now=time; + $r->print(< +

Revoke Existing Roles

+ + +END + foreach my $area (sort { my $a1=join('_',(split('_',$a))[1,0]); + my $b1=join('_',(split('_',$b))[1,0]); + return $a1 cmp $b1; + } keys(%rolesdump)) { + next if ($area =~ /^rolesdef/); + my $role = $rolesdump{$area}; + my $thisrole=$area; + $area =~ s/\_\w\w$//; + my ($role_code,$role_end_time,$role_start_time) = + split(/_/,$role); +# Is this a custom role? Get role owner and title. + my ($croleudom,$croleuname,$croletitle)= + ($role_code=~/^cr\/(\w+)\/(\w+)\/(\w+)$/); + my $bgcol='ffffff'; + my $allowed=0; + my $delallowed=0; + if ($area =~ /^\/(\w+)\/(\d\w+)/ ) { + my ($coursedom,$coursedir) = ($1,$2); + # $1.'_'.$2 is the course id (eg. 103_12345abcef103l3). + my %coursedata= + &Apache::lonnet::coursedescription($1.'_'.$2); + my $carea; + if (defined($coursedata{'description'})) { + $carea='Course: '.$coursedata{'description'}. + '
Domain: '.$coursedom.(' 'x8). + &Apache::loncommon::syllabuswrapper('Syllabus',$coursedir,$coursedom); + } else { + $carea='Unavailable course: '.$area; + } + $inccourses{$1.'_'.$2}=1; + if ((&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) || + (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) { + $allowed=1; + } + if ((&Apache::lonnet::allowed('dro',$1)) || + (&Apache::lonnet::allowed('dro',$ccdomain))) { + $delallowed=1; + } +# - custom role. Needs more info, too + if ($croletitle) { + if (&Apache::lonnet::allowed('ccr',$1.'/'.$2)) { + $allowed=1; + $thisrole.='.'.$role_code; + } + } + # Compute the background color based on $area + $bgcol=$1.'_'.$2; + $bgcol=~s/[^7-9a-e]//g; + $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6); + if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { + $carea.='
Section/Group: '.$3; + } + $area=$carea; + } else { + # Determine if current user is able to revoke privileges + if ($area=~ /^\/(\w+)\//) { + if ((&Apache::lonnet::allowed('c'.$role_code,$1)) || + (&Apache::lonnet::allowed('c'.$role_code,$ccdomain))) { + $allowed=1; + } + if (((&Apache::lonnet::allowed('dro',$1)) || + (&Apache::lonnet::allowed('dro',$ccdomain))) && + ($role_code ne 'dc')) { + $delallowed=1; + } + } else { + if (&Apache::lonnet::allowed('c'.$role_code,'/')) { + $allowed=1; + } + } + } + if ($role_code eq 'ca') { + $area=~/\/(\w+)\/(\w+)/; + if (&authorpriv($2,$1)) { + $allowed=1; + } else { + $allowed=0; + } + } + my $row = ''; + $row.='\n"; + $r->print($row); + } # end of foreach (table building loop) + $r->print('
RevokeDeleteRoleExtentStartEnd
'; + my $active=1; + $active=0 if (($role_end_time) && ($now>$role_end_time)); + if (($active) && ($allowed)) { + $row.= ''; + } else { + if ($active) { + $row.=' '; + } else { + $row.='expired or revoked'; + } + } + $row.=''; + if ($delallowed) { + $row.= ''; + } else { + $row.=' '; + } + my $plaintext=''; + unless ($croletitle) { + $plaintext=&Apache::lonnet::plaintext($role_code); + } else { + $plaintext= + "Customrole '$croletitle' defined by $croleuname\@$croleudom"; + } + $row.= ''.$plaintext. + ''.$area. + ''.($role_start_time?localtime($role_start_time) + : ' ' ). + ''.($role_end_time ?localtime($role_end_time) + : ' ' ) + ."
'); + } # End of unless + my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); + if ($currentauth=~/^krb(4|5):/) { + $currentauth=~/^krb(4|5):(.*)/; + my $krbdefdom=$1; + my %param = ( formname => 'document.cu', + kerb_def_dom => $krbdefdom + ); + $loginscript = &Apache::loncommon::authform_header(%param); + } + # Check for a bad authentication type + unless ($currentauth=~/^krb(4|5):/ or + $currentauth=~/^unix:/ or + $currentauth=~/^internal:/ or + $currentauth=~/^localauth:/ + ) { # bad authentication scheme + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { + $r->print(< + +ERROR: +This user has an unrecognized authentication scheme ($currentauth). +Please specify login data below. +

Login Data

+

$generalrule

+

$authformkrb

+

$authformint

+

$authformfsys

+

$authformloc

+ENDBADAUTH + } else { + # This user is not allowed to modify the users + # authentication scheme, so just notify them of the problem + $r->print(< + + ERROR: +This user has an unrecognized authentication scheme ($currentauth). +Please alert a domain coordinator of this situation. +
+ENDBADAUTH + } + } else { # Authentication type is valid + my $authformcurrent=''; + my $authform_other=''; + if ($currentauth=~/^krb(4|5):/) { + $authformcurrent=$authformkrb; + $authform_other="

$authformint

\n". + "

$authformfsys

$authformloc

"; + } + elsif ($currentauth=~/^internal:/) { + $authformcurrent=$authformint; + $authform_other="

$authformkrb

". + "

$authformfsys

$authformloc

"; + } + elsif ($currentauth=~/^unix:/) { + $authformcurrent=$authformfsys; + $authform_other="

$authformkrb

". + "

$authformint

$authformloc;

"; + } + elsif ($currentauth=~/^localauth:/) { + $authformcurrent=$authformloc; + $authform_other="

$authformkrb

". + "

$authformint

$authformfsys

"; + } + $authformcurrent.=' (will override current values)
'; + if (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'})) { + # Current user has login modification privileges + $r->print(< + +

Change Current Login Data

+

$generalrule

+

$authformnop

+

$authformcurrent

+

Enter New Login Data

+$authform_other +ENDOTHERAUTHS + } + } ## End of "check for bad authentication type" logic + } ## End of new user/old user logic + $r->print('

Add Roles

'); +# +# Co-Author +# + if (&authorpriv($ENV{'user.name'},$ENV{'request.role.domain'}) && + ($ENV{'user.name'} ne $ccuname || $ENV{'user.domain'} ne $ccdomain)) { + # No sense in assigning co-author role to yourself + my $cuname=$ENV{'user.name'}; + my $cudom=$ENV{'request.role.domain'}; + $r->print(<Construction Space + + + + + + + + + +
ActivateRoleExtentStartEnd
Co-Author$cudom\_$cuname +Set Start Date +Set End Date
+ENDCOAUTH + } +# +# Domain level +# + $r->print('

Domain Level

'. + ''. + ''); + foreach ( sort( keys(%incdomains))) { + my $thisdomain=$_; + foreach ('dc','li','dg','au') { + if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) { + my $plrole=&Apache::lonnet::plaintext($_); + $r->print(< + + + + + + +ENDDROW + } + } + } + $r->print('
ActivateRoleExtentStartEnd
$plrole$thisdomain +Set Start Date +Set End Date
'); +# +# Course level +# + $r->print(&course_level_table(%inccourses)); + $r->print("
\n"); + $r->print(""); +} + +# ================================================================= Phase Three +sub update_user_data { + my $r=shift; + my $uhome=&Apache::lonnet::homeserver($ENV{'form.ccuname'}, + $ENV{'form.ccdomain'}); + # Error messages + my $error = 'Error:'; + my $end = ''; + # Print header + $r->print(< + +The LearningOnline Network with CAPA + +ENDTHREEHEAD + my $title; + if (exists($ENV{'form.makeuser'})) { + $title='Set Privileges for New User'; + } else { + $title='Modify User Privileges'; + } + $r->print(&Apache::loncommon::bodytag($title)); + # Check Inputs + if (! $ENV{'form.ccuname'} ) { + $r->print($error.'No login name specified.'.$end); + return; + } + if ( $ENV{'form.ccuname'} =~/\W/) { + $r->print($error.'Invalid login name. '. + 'Only letters, numbers, and underscores are valid.'. + $end); + return; + } + if (! $ENV{'form.ccdomain'} ) { + $r->print($error.'No domain specified.'.$end); + return; + } + if ( $ENV{'form.ccdomain'} =~/\W/) { + $r->print($error.'Invalid domain name. '. + 'Only letters, numbers, and underscores are valid.'. + $end); + return; + } + if (! exists($ENV{'form.makeuser'})) { + # Modifying an existing user, so check the validity of the name + if ($uhome eq 'no_host') { + $r->print($error.'Unable to determine home server for '. + $ENV{'form.ccuname'}.' in domain '. + $ENV{'form.ccdomain'}.'.'); + return; + } + } + # Determine authentication method and password for the user being modified + my $amode=''; + my $genpwd=''; + if ($ENV{'form.login'} eq 'krb') { + $amode='krb'; + $amode.=$ENV{'form.krbver'}; + $genpwd=$ENV{'form.krbarg'}; + } elsif ($ENV{'form.login'} eq 'int') { + $amode='internal'; + $genpwd=$ENV{'form.intarg'}; + } elsif ($ENV{'form.login'} eq 'fsys') { + $amode='unix'; + $genpwd=$ENV{'form.fsysarg'}; + } elsif ($ENV{'form.login'} eq 'loc') { + $amode='localauth'; + $genpwd=$ENV{'form.locarg'}; + $genpwd=" " if (!$genpwd); + } elsif (($ENV{'form.login'} eq 'nochange') || + ($ENV{'form.login'} eq '' )) { + # There is no need to tell the user we did not change what they + # did not ask us to change. + # If they are creating a new user but have not specified login + # information this will be caught below. + } else { + $r->print($error.'Invalid login mode or password'.$end); + return; + } + if ($ENV{'form.makeuser'}) { + # Create a new user + $r->print(<Creating user "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}" +ENDNEWUSERHEAD + # Check for the authentication mode and password + if (! $amode || ! $genpwd) { + $r->print($error.'Invalid login mode or password'.$end); + return; + } + # Determine desired host + my $desiredhost = $ENV{'form.hserver'}; + if (lc($desiredhost) eq 'default') { + $desiredhost = undef; + } else { + my %home_servers = &Apache::loncommon::get_library_servers + ($ENV{'form.ccdomain'}); + if (! exists($home_servers{$desiredhost})) { + $r->print($error.'Invalid home server specified'); + return; + } + } + # Call modifyuser + my $result = &Apache::lonnet::modifyuser + ($ENV{'form.ccdomain'},$ENV{'form.ccuname'},$ENV{'form.cstid'}, + $amode,$genpwd,$ENV{'form.cfirst'}, + $ENV{'form.cmiddle'},$ENV{'form.clast'},$ENV{'form.cgen'}, + undef,$desiredhost + ); + $r->print('Generating user: '.$result); + my $home = &Apache::lonnet::homeserver($ENV{'form.ccuname'}, + $ENV{'form.ccdomain'}); + $r->print('
Home server: '.$home.' '. + $Apache::lonnet::libserv{$home}); + } elsif (($ENV{'form.login'} ne 'nochange') && + ($ENV{'form.login'} ne '' )) { + # Modify user privileges + $r->print(<User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}" +ENDMODIFYUSERHEAD + if (! $amode || ! $genpwd) { + $r->print($error.'Invalid login mode or password'.$end); + return; + } + # Only allow authentification modification if the person has authority + if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'})) { + $r->print('Modifying authentication: '. + &Apache::lonnet::modifyuserauth( + $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, + $amode,$genpwd)); + $r->print('
Home server: '.&Apache::lonnet::homeserver + ($ENV{'form.ccuname'},$ENV{'form.ccdomain'})); + } else { + # Okay, this is a non-fatal error. + $r->print($error.'You do not have the authority to modify '. + 'this users authentification information.'); + } + } + ## + if (! $ENV{'form.makeuser'} ) { + # Check for need to change + my %userenv = &Apache::lonnet::get + ('environment',['firstname','middlename','lastname','generation'], + $ENV{'form.ccdomain'},$ENV{'form.ccuname'}); + my ($tmp) = keys(%userenv); + if ($tmp =~ /^(con_lost|error)/i) { + %userenv = (); + } + # Check to see if we need to change user information + foreach ('firstname','middlename','lastname','generation') { + # Strip leading and trailing whitespace + $ENV{'form.c'.$_} =~ s/(\s+$|^\s+)//g; + } + if (&Apache::lonnet::allowed('mau',$ENV{'form.ccdomain'}) && + ($ENV{'form.cfirstname'} ne $userenv{'firstname'} || + $ENV{'form.cmiddlename'} ne $userenv{'middlename'} || + $ENV{'form.clastname'} ne $userenv{'lastname'} || + $ENV{'form.cgeneration'} ne $userenv{'generation'} )) { + # Make the change + my %changeHash; + $changeHash{'firstname'} = $ENV{'form.cfirstname'}; + $changeHash{'middlename'} = $ENV{'form.cmiddlename'}; + $changeHash{'lastname'} = $ENV{'form.clastname'}; + $changeHash{'generation'} = $ENV{'form.cgeneration'}; + my $putresult = &Apache::lonnet::put + ('environment',\%changeHash, + $ENV{'form.ccdomain'},$ENV{'form.ccuname'}); + if ($putresult eq 'ok') { + # Tell the user we changed the name + $r->print(<<"END"); + + + + + + + + + + + + + + + + + +
User Information Changed
 firstmiddlelastgeneration
Previous$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} $userenv{'generation'}
Changed To$ENV{'form.cfirstname'} $ENV{'form.cmiddlename'} $ENV{'form.clastname'} $ENV{'form.cgeneration'}
+END + } else { # error occurred + $r->print("

Unable to successfully change environment for ". + $ENV{'form.ccuname'}." in domain ". + $ENV{'form.ccdomain'}."

"); + } + } else { # End of if ($ENV ... ) logic + # They did not want to change the users name but we can + # still tell them what the name is + $r->print(<<"END"); +

User "$ENV{'form.ccuname'}" in domain "$ENV{'form.ccdomain'}"

+

$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'}

+

Generation: $userenv{'generation'}

+END + } + } + ## + my $now=time; + $r->print('

Modifying Roles

'); + foreach (keys (%ENV)) { + next if (! $ENV{$_}); + # Revoke roles + if ($_=~/^form\.rev/) { + if ($_=~/^form\.rev\:([^\_]+)\_([^\_\.]+)$/) { +# Revoke standard role + $r->print('Revoking '.$2.' in '.$1.': '. + &Apache::lonnet::revokerole($ENV{'form.ccdomain'}, + $ENV{'form.ccuname'},$1,$2).'
'); + if ($2 eq 'st') { + $1=~/^\/(\w+)\/(\w+)/; + my $cid=$1.'_'.$2; + $r->print('Drop from classlist: '. + &Apache::lonnet::critical('put:'. + $ENV{'course.'.$cid.'.domain'}.':'. + $ENV{'course.'.$cid.'.num'}.':classlist:'. + &Apache::lonnet::escape($ENV{'form.ccuname'}.':'. + $ENV{'form.ccdomain'}).'='. + &Apache::lonnet::escape($now.':'), + $ENV{'course.'.$cid.'.home'}).'
'); + } + } + if ($_=~/^form\.rev\:([^\_]+)\_cr\.cr\/(\w+)\/(\w+)\/(\w+)$/) { +# Revoke custom role + $r->print( + 'Revoking custom role '.$4.' by '.$3.'@'.$2.' in '.$1.': '. +&Apache::lonnet::revokecustomrole($ENV{'form.ccdomain'}, + $ENV{'form.ccuname'},$1,$2,$3,$4). + '
'); + } + } elsif ($_=~/^form\.del/) { + if ($_=~/^form\.del\:([^\_]+)\_([^\_]+)$/) { + $r->print('Deleting '.$2.' in '.$1.': '. + &Apache::lonnet::assignrole($ENV{'form.ccdomain'}, + $ENV{'form.ccuname'},$1,$2,$now,0,1).'
'); + if ($2 eq 'st') { + $1=~/^\/(\w+)\/(\w+)/; + my $cid=$1.'_'.$2; + $r->print('Drop from classlist: '. + &Apache::lonnet::critical('put:'. + $ENV{'course.'.$cid.'.domain'}.':'. + $ENV{'course.'.$cid.'.num'}.':classlist:'. + &Apache::lonnet::escape($ENV{'form.ccuname'}.':'. + $ENV{'form.ccdomain'}).'='. + &Apache::lonnet::escape($now.':'), + $ENV{'course.'.$cid.'.home'}).'
'); + } + } + } elsif ($_=~/^form\.act/) { + if +($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_cr_cr_([^\_]+)_(\w+)_([^\_]+)$/) { + # Activate a custom role + my $url='/'.$1.'/'.$2; + my $full=$1.'_'.$2.'_cr_cr_'.$3.'_'.$4.'_'.$5; + if ($ENV{'form.sec_'.$full}) { + $url.='/'.$ENV{'form.sec_'.$full}; + } + + my $start = ( $ENV{'form.start_'.$full} ? + $ENV{'form.start_'.$full} : + $now ); + my $end = ( $ENV{'form.end_'.$full} ? + $ENV{'form.end_'.$full} : + 0 ); + + $r->print('Assigning custom role "'.$5.'" by '.$4.'@'.$3.' in '.$url. + ($start?', starting '.localtime($start):''). + ($end?', ending '.localtime($end):'').': '. + &Apache::lonnet::assigncustomrole( + $ENV{'form.ccdomain'},$ENV{'form.ccuname'},$url,$3,$4,$5,$end,$start). + '
'); + } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) { + # Activate roles for sections with 3 id numbers + # set start, end times, and the url for the class + + my $start = ( $ENV{'form.start_'.$1.'_'.$2.'_'.$3} ? + $ENV{'form.start_'.$1.'_'.$2.'_'.$3} : + $now ); + my $end = ( $ENV{'form.end_'.$1.'_'.$2.'_'.$3} ? + $ENV{'form.end_'.$1.'_'.$2.'_'.$3} : + 0 ); + my $url='/'.$1.'/'.$2; + if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) { + $url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3}; + } + # Assign the role and report it + $r->print('Assigning '.$3.' in '.$url. + ($start?', starting '.localtime($start):''). + ($end?', ending '.localtime($end):'').': '. + &Apache::lonnet::assignrole( + $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, + $url,$3,$end,$start). + '
'); + # Handle students differently + if ($3 eq 'st') { + $url=~/^\/(\w+)\/(\w+)/; + my $cid=$1.'_'.$2; + $r->print('Add to classlist: '. + &Apache::lonnet::critical( + 'put:'.$ENV{'course.'.$cid.'.domain'}.':'. + $ENV{'course.'.$cid.'.num'}.':classlist:'. + &Apache::lonnet::escape( + $ENV{'form.ccuname'}.':'. + $ENV{'form.ccdomain'} ).'='. + &Apache::lonnet::escape($end.':'.$start), + $ENV{'course.'.$cid.'.home'}) + .'
'); + } + } elsif ($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) { + # Activate roles for sections with two id numbers + # set start, end times, and the url for the class + my $start = ( $ENV{'form.start_'.$1.'_'.$2} ? + $ENV{'form.start_'.$1.'_'.$2} : + $now ); + my $end = ( $ENV{'form.end_'.$1.'_'.$2} ? + $ENV{'form.end_'.$1.'_'.$2} : + 0 ); + my $url='/'.$1.'/'; + # Assign the role and report it. + $r->print('Assigning '.$2.' in '.$url.': '. + ($start?', starting '.localtime($start):''). + ($end?', ending '.localtime($end):'').': '. + &Apache::lonnet::assignrole( + $ENV{'form.ccdomain'},$ENV{'form.ccuname'}, + $url,$2,$end,$start) + .'
'); + } else { + $r->print('

ERROR: Unknown command '.$_.'


'); + } + } + } # End of foreach (keys(%ENV)) + $r->print(''); +} + +# ========================================================== Custom Role Editor + +sub custom_role_editor { + my $r=shift; + my $rolename=$ENV{'form.rolename'}; + + if ($rolename eq 'make new role') { + $rolename=$ENV{'form.newrolename'}; + } + + $rolename=~s/[^A-Za-z0-9]//gs; + + unless ($rolename) { + &print_username_entry_form($r); + return; + } + + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges').'

'); + my $syspriv=''; + my $dompriv=''; + my $coursepriv=''; + my ($rdummy,$roledef)= + &Apache::lonnet::get('roles',["rolesdef_$rolename"]); +# ------------------------------------------------------- Does this role exist? + if (($rdummy ne 'con_lost') && ($roledef ne '')) { + $r->print('Existing Role "'); +# ------------------------------------------------- Get current role privileges + ($syspriv,$dompriv,$coursepriv)=split(/\_/,$roledef); + } else { + $r->print('New Role "'); + $roledef=''; + } + $r->print($rolename.'"

'); +# ------------------------------------------------------- What can be assigned? + my %full=(); + my %courselevel=(); + my %courselevelcurrent=(); + foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict='F'; } + $courselevel{$priv}=$restrict; + if ($coursepriv=~/\:$priv/) { + $courselevelcurrent{$priv}=1; + } + $full{$priv}=1; + } + my %domainlevel=(); + my %domainlevelcurrent=(); + foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict='F'; } + $domainlevel{$priv}=$restrict; + if ($dompriv=~/\:$priv/) { + $domainlevelcurrent{$priv}=1; + } + $full{$priv}=1; + } + my %systemlevel=(); + my %systemlevelcurrent=(); + foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict='F'; } + $systemlevel{$priv}=$restrict; + if ($syspriv=~/\:$priv/) { + $systemlevelcurrent{$priv}=1; + } + $full{$priv}=1; + } + $r->print(< + + + + + +ENDCCF + foreach (sort keys %full) { + $r->print(''); + } + $r->print( + '
PrivilegeCourse LevelDomain LevelSystem Level
'.&Apache::lonnet::plaintext($_).''. + ($courselevel{$_}?'':' '). + ''. + ($domainlevel{$_}?'':' '). + ''. + ($systemlevel{$_}?'':' '). + '
'); +} + +# ---------------------------------------------------------- Call to definerole +sub set_custom_role { + my $r=shift; + + my $rolename=$ENV{'form.rolename'}; + + $rolename=~s/[^A-Za-z0-9]//gs; + + unless ($rolename) { + &print_username_entry_form($r); + return; + } + + $r->print(&Apache::loncommon::bodytag( + 'Create Users, Change User Privileges').'

'); + my ($rdummy,$roledef)= + &Apache::lonnet::get('roles',["rolesdef_$rolename"]); +# ------------------------------------------------------- Does this role exist? + if (($rdummy ne 'con_lost') && ($roledef ne '')) { + $r->print('Existing Role "'); + } else { + $r->print('New Role "'); + $roledef=''; + } + $r->print($rolename.'"

'); +# ------------------------------------------------------- What can be assigned? + my $sysrole=''; + my $domrole=''; + my $courole=''; + + foreach (split(/\:/,$Apache::lonnet::pr{'cr:c'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict=''; } + if ($ENV{'form.'.$priv.':c'}) { + $courole.=':'.$_; + } + } + + foreach (split(/\:/,$Apache::lonnet::pr{'cr:d'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict=''; } + if ($ENV{'form.'.$priv.':d'}) { + $domrole.=':'.$_; + } + } + + foreach (split(/\:/,$Apache::lonnet::pr{'cr:s'})) { + my ($priv,$restrict)=split(/\&/,$_); + unless ($restrict) { $restrict=''; } + if ($ENV{'form.'.$priv.':s'}) { + $sysrole.=':'.$_; + } + } + $r->print('
Defining Role: '. + &Apache::lonnet::definerole($rolename,$sysrole,$domrole,$courole)); + if ($ENV{'request.course.id'}) { + my $url='/'.$ENV{'request.course.id'}; + $url=~s/\_/\//g; + $r->print('
Assigning Role to Self: '. + &Apache::lonnet::assigncustomrole($ENV{'user.domain'}, + $ENV{'user.name'}, + $url, + $ENV{'user.domain'}, + $ENV{'user.name'}, + $rolename)); + } + $r->print(''); +} + +# ================================================================ Main Handler +sub handler { + my $r = shift; + + if ($r->header_only) { + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + return OK; + } + + if ((&Apache::lonnet::allowed('cta',$ENV{'request.course.id'})) || + (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || + (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || + (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) || + (&Apache::lonnet::allowed('cca',$ENV{'request.role.domain'})) || + (&Apache::lonnet::allowed('mau',$ENV{'request.role.domain'}))) { + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + unless ($ENV{'form.phase'}) { + &print_username_entry_form($r); + } + if ($ENV{'form.phase'} eq 'get_user_info') { + &print_user_modification_page($r); + } elsif ($ENV{'form.phase'} eq 'update_user_data') { + &update_user_data($r); + } elsif ($ENV{'form.phase'} eq 'selected_custom_edit') { + &custom_role_editor($r); + } elsif ($ENV{'form.phase'} eq 'set_custom_roles') { + &set_custom_role($r); + } } else { $ENV{'user.error.msg'}= - "/adm/createcourse:ccc:0:0:Cannot create courses"; + "/adm/createuser:mau:0:0:Cannot modify user data"; return HTTP_NOT_ACCEPTABLE; } return OK; } +#-------------------------------------------------- functions for &phase_two +sub course_level_table { + my %inccourses = @_; + my $table = ''; +# Custom Roles? + + my %customroles=&my_custom_roles(); + + foreach (sort( keys(%inccourses))) { + my $thiscourse=$_; + my $protectedcourse=$_; + $thiscourse=~s:_:/:g; + my %coursedata=&Apache::lonnet::coursedescription($thiscourse); + my $area=$coursedata{'description'}; + if (!defined($area)) { $area='Unavailable course: '.$_; } + my $bgcol=$thiscourse; + $bgcol=~s/[^7-9a-e]//g; + $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',2,6); + foreach ('st','ta','ep','ad','in','cc') { + if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) { + my $plrole=&Apache::lonnet::plaintext($_); + $table .= < + + + +ENDEXTENT + if ($_ ne 'cc') { + $table .= < +ENDSECTION + } else { + $table .= <  +ENDSECTION + } + $table .= < +Set Start Date + +ENDTIMEENTRY + $table.= "\n"; + } + } + foreach (sort keys %customroles) { + if (&Apache::lonnet::allowed('ccr',$thiscourse)) { + my $plrole=$_; + my $customrole=$protectedcourse.'_cr_cr_'.$ENV{'user.domain'}. + '_'.$ENV{'user.name'}.'_'.$plrole; + $table .= < + + + + + + +ENDENTRY + } + } + } + return '' if ($table eq ''); # return nothing if there is nothing + # in the table + my $result = <Course Level +
$plrole$area +Set End Date
$plrole$area +Set Start Date +Set End Date
+ +$table +
ActivateRoleExtentGroup/SectionStartEnd
+ENDTABLE + return $result; +} +#---------------------------------------------- end functions for &phase_two + +#--------------------------------- functions for &phase_two and &phase_three + +#--------------------------end of functions for &phase_two and &phase_three + 1; __END__ + +